2 Answers
2

If it were true, this would violate the basic security construction of AES in the Chosen Plaintext Attack model (which is a good model we like to use when evaluating the security of a PRP): An adversary $A$ queries a black box with his own plaintext, trying to decide if the black box is outputting the AES permutation of the input or a random one. Successfully guessing which one (AES or a real random permutation) the black box is performing is victory for $A$. So $A$ could issue a request to the AES encryption black box for $X$, $Y$, and $X \oplus Y$, and get back $\mathrm{AES}(k, X)$, $\mathrm{AES}(k, Y)$, and $\mathrm{AES}(k, X \oplus Y)$. Then he would check that $\mathrm{AES}(k, X \oplus Y) = \mathrm{AES}(k, X) \oplus \mathrm{AES}(k, Y)$. If it did, he would know (with negligible error) that he was working with AES and not a random permutation, because a random permutation would certainly not have that property. Thus he would break AES under the CPA model with just 3 chosen messages.

No, AES does not have such a property. In fact, such a property would be an extremely severe security weakness, as it would allow us to decrypt arbitrary ciphertext if we just had about 128 blocks of known plaintext/ciphertext pairs (!).

As for this "whitening mode", I first heard it proposed by Richard Schroeppel (to give credit where credit is due; he gave it a different name). As for security, it should be quite good (as long as your random numbers K are uncorrelated to the plaintexts you are encrypting).
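The three-query check from the first answer and the known-pair decryption from the second, as an added Python example that is not part of either answer. Assumptions: `make_linear_cipher` is a constructed, hypothetical XOR-homomorphic map over GF(2), and `make_prp` is a SHA-256 Feistel network standing in for AES so the block needs only the standard library. With randomly chosen known plaintexts, slightly more than 128 pairs are needed to span all 128 bits.

```python
import hashlib
import secrets

BITS = 128

def make_linear_cipher(seed: bytes):
    """Hypothetical XOR-homomorphic cipher E(x) = M*x over GF(2); M is unit-triangular, so invertible."""
    cols = []
    for i in range(BITS):
        r = int.from_bytes(hashlib.sha256(seed + bytes([i])).digest()[:16], "big")
        cols.append((1 << i) | (r & ((1 << i) - 1)))
    def enc(x):
        out = 0
        for i in range(BITS):
            if (x >> i) & 1:
                out ^= cols[i]
        return out
    return enc

def make_prp(key: bytes, rounds=4):
    """Stand-in keyed permutation (SHA-256 Feistel network). Not AES."""
    def f(i, half):
        data = key + bytes([i]) + half.to_bytes(8, "big")
        return int.from_bytes(hashlib.sha256(data).digest()[:8], "big")
    def enc(x):
        left, right = x >> 64, x & (2**64 - 1)
        for i in range(rounds):
            left, right = right, left ^ f(i, right)
        return (left << 64) | right
    return enc

def is_xor_homomorphic(oracle):
    """The three-query test: E(X ^ Y) == E(X) ^ E(Y) for random X, Y."""
    x, y = secrets.randbits(BITS), secrets.randbits(BITS)
    return oracle(x ^ y) == oracle(x) ^ oracle(y)

def reduce(basis, ct, pt):
    """XOR basis vectors into (ct, pt) until ct is 0 or has a new leading bit."""
    while ct and (ct.bit_length() - 1) in basis:
        bc, bp = basis[ct.bit_length() - 1]
        ct, pt = ct ^ bc, pt ^ bp
    return ct, pt

def decrypt_from_known_pairs(pairs, target_ct):
    """Recover a plaintext using only linearity and known (pt, ct) pairs, no key."""
    basis = {}  # leading ciphertext bit -> (ciphertext, matching plaintext)
    for pt, ct in pairs:
        ct, pt = reduce(basis, ct, pt)
        if ct:
            basis[ct.bit_length() - 1] = (ct, pt)
    rest, pt = reduce(basis, target_ct, 0)
    return pt if rest == 0 else None  # None: pairs do not span the target
```
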